ITEA is the Eureka Cluster on software innovation

FirmwareCheck tool to automate dynamic analysis of IoT firmware

Project
17005 SCRATCh
Description

Automates dynamic analysis of firmware images. This allows tests such as checking which services are running and which users run them, which goes beyond static analysis of firmware.

Contact
OTARIS
Email
office@otaris.de
Technical features

Input(s):

  • A supplied Buildroot-generated firmware image, which the tool emulates
  • Alternatively runs standalone on any Linux system

Main feature(s):

  • Runs various security checks that roughly correspond to the OWASP IoT Top 10, such as checking for outdated components, default passwords, open ports, and processes running as root.

Output(s):

  • HTML report that describes the findings
  • Console output for CI or terminal-only use
Integration constraints

The firmware must be generated with Buildroot and must be QEMU-compatible in order to run in CI. Alternatively, the standalone version can be run on any Linux system, but the firmware then has to be deployed to the device first.

Targeted customer(s)

Firmware developers and DevOps; researchers testing IoT firmware and devices.

Conditions for reuse

Apache 2.0 License

Confidentiality
Public
Publication date
18-03-2022
Involved partners
OTARIS Interactive Services GmbH (DEU)